apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: workstation
spec:
  updateStrategy:
    type: OnDelete
  selector:
    matchLabels:
      app.kubernetes.io/name: workstation
      app.kubernetes.io/part-of: workstation
  template:
    metadata:
      labels:
        app.kubernetes.io/name: workstation
        app.kubernetes.io/part-of: workstation
    spec:
      automountServiceAccountToken: false
      terminationGracePeriodSeconds: 600
      initContainers:
      - name: volume-mount-hack
        image: busybox
        imagePullPolicy: IfNotPresent
        command:
        - sh
        - -c
        - |
          set -o nounset -o errexit -o pipefail

          chown 1000:998 /home/oleg
          chmod 0755 /home/oleg

          mkdir /home/oleg/.docker
          chown 1000:998 /home/oleg/.docker

          mkdir /home/oleg/.cache
          chown 1000:998 /home/oleg/.cache

          mkdir /home/oleg/.config
          chown 1000:998 /home/oleg/.config

          mkdir /home/oleg/.local
          chown 1000:998 /home/oleg/.local

          mkdir /home/oleg/.local/var
          chown 1000:998 /home/oleg/.local/var

          mkdir /home/oleg/.local/var/log
          chown 1000:998 /home/oleg/.local/var/log

          mkdir /home/oleg/.local/share
          chown 1000:998 /home/oleg/.local/share

          mkdir /home/oleg/.ssh
          chown 1000:998 /home/oleg/.ssh

          mkdir /mnt/nixos/home/oleg
          chown 1000:998 /mnt/nixos/home/oleg

          mkdir /mnt/nixos/home/oleg/.docker
          chown 1000:998 /mnt/nixos/home/oleg/.docker

          mkdir -p /mnt/nixos/home/oleg/.mozilla
          chown 1000:998 /mnt/nixos/home/oleg/.mozilla

          mkdir -p /mnt/nixos/home/oleg/.config
          chown 1000:998 /mnt/nixos/home/oleg/.config

          mkdir /mnt/nixos/home/oleg/.local
          chown 1000:998 /mnt/nixos/home/oleg/.local

          mkdir /mnt/nixos/home/oleg/.local/share
          chown 1000:998 /mnt/nixos/home/oleg/.local/share

          mkdir /mnt/nixos/home/oleg/.ssh
          chown 1000:998 /mnt/nixos/home/oleg/.ssh
        volumeMounts:
        - mountPath: /home/oleg
          name: container-home-oleg
        - mountPath: /mnt/nixos/home
          name: nixos-home
      - name: clean-gnupg
        image: busybox
        imagePullPolicy: IfNotPresent
        command:
        - sh
        - -c
        - |
          set -o nounset -o errexit -o pipefail
          rm -f /home/oleg/.gnupg/gpg-agent.conf /home/oleg/.gnupg/gpg.conf
        volumeMounts:
        - name: home-oleg-dot-gnupg
          mountPath: /home/oleg/.gnupg
      containers:
      - image: harbor.home.wugi.info/library/guix-image-workstation:latest
        name: guix
        ports:
        - containerPort: 5353
          name: avahi
          protocol: UDP
        - containerPort: 16400
          name: scream
          protocol: UDP
        securityContext:
          capabilities:
            add:
            - SYS_ADMIN
          privileged: true
        tty: true
        volumeMounts:
        - mountPath: /run
          name: guix-run
          mountPropagation: Bidirectional
        - mountPath: /dev/dri
          name: dev-dri
        - mountPath: /dev/input
          name: dev-input
        - mountPath: /dev/tty0
          name: dev-tty2
        - mountPath: /dev/tty2
          name: dev-tty2
        - mountPath: /dev/fuse
          name: dev-fuse
        - mountPath: /etc/nsswitch.conf
          name: nsswitch
        - mountPath: /etc/services
          name: services
        - mountPath: /dev/shm
          name: guix-shm
        - mountPath: /tmp
          name: guix-tmp
        - mountPath: /mnt/guix/var/run/shepherd/socket
          name: var-run-shepherd-socket
        - mountPath: /home/oleg
          name: container-home-oleg
        - name: home-oleg-dot-cache-ihs
          mountPath: /home/oleg/.cache/ihs
        - name: home-oleg-dot-config-obs-studio
          mountPath: /home/oleg/.config/obs-studio
        - name: home-oleg-dot-config-remmina
          mountPath: /home/oleg/.config/remmina
        - name: home-oleg-dot-config-sway
          mountPath: /home/oleg/.config/sway
        - name: home-oleg-dot-local-share-remmina
          mountPath: /home/oleg/.local/share/remmina
        - name: home-oleg-dot-local-share-telegram
          mountPath: /home/oleg/.local/share/TelegramDesktop
        - name: home-oleg-dot-password-store
          mountPath: /home/oleg/.password-store
        - name: home-oleg-dot-gnupg
          mountPath: /home/oleg/.gnupg
        - name: home-oleg-ssh-private-key
          mountPath: /home/oleg/.ssh/id_ed25519
        - name: home-oleg-ssh-public-key
          mountPath: /home/oleg/.ssh/id_ed25519.pub
        - name: home-oleg-ssh-majordomo-gitlab-private-key
          mountPath: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass
        - name: home-oleg-ssh-majordomo-gitlab-public-key
          mountPath: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass.pub
        - name: home-oleg-ssh-gitlab-com-private-key
          mountPath: /home/oleg/.ssh/id_rsa_gitlab
        - name: home-oleg-ssh-gitlab-com-public-key
          mountPath: /home/oleg/.ssh/id_rsa_gitlab.pub
        - name: home-oleg-ssh-known-hosts
          mountPath: /home/oleg/.ssh/known_hosts
        - name: home-oleg-bash-history
          mountPath: /home/oleg/.bash_history
        - name: root-bash-history
          mountPath: /root/.bash_history
        - name: home-oleg-src
          mountPath: /home/oleg/src
        - name: home-oleg-local-share-chezmoi
          mountPath: /home/oleg/.local/share/chezmoi
        - name: srv
          mountPath: /srv
        - name: home-oleg-config-qbittorrent
          mountPath: /home/oleg/.config/qBittorrent
        - name: home-oleg-dot-local-share-qbittorrent
          mountPath: /home/oleg/.local/share/qBittorrent
        - name: qbittorrent-incomplete
          mountPath: /mnt/qbittorrent-incomplete
        - name: guix-var-log
          mountPath: /var/log
        - name: guix-home-oleg-local-var-log
          mountPath: /home/oleg/.local/var/log
        - mountPath: /home/oleg/.docker/config.json
          readOnly: true
          name: docker-configuration
      - name: nixos
        image: harbor.home.wugi.info/library/nixos-systemd:latest
        command:
        - /entrypoint.sh
        env:
        - name: container
          value: docker
        ports:
        - containerPort: 5900
          name: vnc
          protocol: TCP
        securityContext:
          capabilities:
            add:
            - SETUID
            - BLOCK_SUSPEND
            - NET_ADMIN
            - NET_BIND_SERVICE
            - NET_RAW
            - SYS_ADMIN
            - SYS_CHROOT
            - SYS_NICE
            - SYS_PTRACE
            - SYS_RESOURCE
            - SYS_TIME
          privileged: true
        lifecycle:
           preStop:
             exec:
               command:
               - /bin/sh
               - -c
               - |
                 if /run/current-system/sw/bin/systemctl poweroff
                 then
                     :
                 else
                     exit 0
                 fi
        tty: true
        volumeMounts:
        - mountPath: /dev/dri
          name: dev-dri
        - mountPath: /dev/tty0
          name: dev-tty9
        - mountPath: /dev/tty9
          name: dev-tty9
        - mountPath: /run
          name: nixos-run
        - mountPath: /mnt/guix/tmp
          name: guix-tmp
        - mountPath: /mnt/guix/run
          name: guix-run
          mountPropagation: HostToContainer
        - mountPath: /home
          name: nixos-home
        - mountPath: /home/oleg/.mozilla/firefox
          name: home-oleg-mozilla-firefox
        - name: home-oleg-bash-history
          mountPath: /home/oleg/.bash_history
        - name: home-oleg-dot-config-google-chrome
          mountPath: /home/oleg/.config/google-chrome
        - name: root-bash-history
          mountPath: /root/.bash_history
        - name: home-oleg-config-wayvnc
          mountPath: /home/oleg/.config/wayvnc
        - name: home-oleg-dot-local-share-chatterino
          mountPath: /home/oleg/.local/share/chatterino
        - name: nixos-var-log
          mountPath: /var/log
        - name: home-oleg-ssh-majordomo-gitlab-private-key
          mountPath: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass
        - name: home-oleg-ssh-majordomo-gitlab-public-key
          mountPath: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass.pub
        - name: home-oleg-src
          mountPath: /home/oleg/src
        - name: home-oleg-ssh-known-hosts
          mountPath: /home/oleg/.ssh/known_hosts
        - name: home-oleg-robo3t
          mountPath: /home/oleg/.3T
        - name: nixos-var-lib-docker
          mountPath: /var/lib/docker
        - name: home-oleg-local-share-chezmoi
          mountPath: /home/oleg/.local/share/chezmoi
        - name: mnt-web-btrfs-web99-home
          mountPath: /mnt/web-btrfs/web99-home
        - name: mnt-web-ext4
          mountPath: /mnt/web-ext4
        - mountPath: /home/oleg/.docker/config.json
          readOnly: true
          name: docker-configuration
      - image: harbor.home.wugi.info/library/archlinux-systemd:latest
        name: archlinux
        env:
        - name: container
          value: docker
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_BIND_SERVICE
            - NET_RAW
            - SYS_ADMIN
            - SYS_NICE
            - SYS_TIME
          privileged: true
        tty: true
        lifecycle:
           preStop:
             exec:
               command:
               - /bin/sh
               - -c
               - |
                 if /bin/systemctl poweroff
                 then
                     :
                 else
                     exit 0
                 fi
        volumeMounts:
        - mountPath: /run
          name: archlinux-run
        - mountPath: /tmp
          name: archlinux-tmp
        - mountPath: /dev/dri
          name: dev-dri
        - mountPath: /mnt/guix/run
          name: guix-run
          mountPropagation: HostToContainer
        - mountPath: /mnt/guix/tmp
          name: guix-tmp
        - name: home-oleg-bash-history
          mountPath: /home/oleg/.bash_history
        - name: root-bash-history
          mountPath: /root/.bash_history
        - name: home-oleg-config-socialstream
          mountPath: /home/oleg/.config/SocialStream
        - name: archlinux-var-log
          mountPath: /var/log
        - name: home-oleg-src
          mountPath: /home/oleg/src
      - image: harbor.home.wugi.info/library/kali-rolling:latest
        name: kali-rolling
        env:
        - name: container
          value: docker
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_BIND_SERVICE
            - NET_RAW
            - SYS_ADMIN
            - SYS_NICE
            - SYS_TIME
          privileged: true
        tty: true
        lifecycle:
           preStop:
             exec:
               command:
               - /bin/sh
               - -c
               - |
                 if /bin/systemctl poweroff
                 then
                     :
                 else
                     exit 0
                 fi
        volumeMounts:
        - mountPath: /run
          name: kali-rolling-run
        - mountPath: /tmp
          name: kali-rolling-tmp
        - mountPath: /dev/dri
          name: dev-dri
        - mountPath: /mnt/guix/run
          name: guix-run
          mountPropagation: HostToContainer
        - mountPath: /mnt/guix/tmp
          name: guix-tmp
        - name: home-oleg-bash-history
          mountPath: /home/oleg/.bash_history
        - name: root-bash-history
          mountPath: /root/.bash_history
        - name: kali-rolling-var-log
          mountPath: /var/log
      - image: harbor.home.wugi.info/library/gentoo-systemd:latest
        name: gentoo
        env:
        - name: container
          value: docker
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_BIND_SERVICE
            - NET_RAW
            - SYS_ADMIN
            - SYS_NICE
            - SYS_TIME
          privileged: true
        tty: true
        lifecycle:
           preStop:
             exec:
               command:
               - /bin/sh
               - -c
               - |
                 if /bin/systemctl poweroff
                 then
                     :
                 else
                     exit 0
                 fi
        volumeMounts:
        - mountPath: /run
          name: gentoo-run
        - mountPath: /tmp
          name: gentoo-tmp
        - mountPath: /dev/dri
          name: dev-dri
        - mountPath: /mnt/guix/run
          name: guix-run
          mountPropagation: HostToContainer
        - mountPath: /mnt/guix/tmp
          name: guix-tmp
        - name: home-oleg-bash-history
          mountPath: /home/oleg/.bash_history
        - name: root-bash-history
          mountPath: /root/.bash_history
        - name: gentoo-var-log
          mountPath: /var/log
      volumes:
      - name: dev-dri
        hostPath:
          path: /dev/dri
          type: Directory
      - name: dev-input
        hostPath:
          path: /dev/input
          type: Directory
      - name: dev-tty2
        hostPath:
          path: /dev/tty2
          type: CharDevice
      - name: dev-tty9
        hostPath:
          path: /dev/tty9
          type: CharDevice
      - name: dev-fuse
        hostPath:
          path: /dev/fuse
          type: CharDevice
      - name: nsswitch
        hostPath:
          path: /etc/nsswitch.conf
          type: File
      - name: services
        hostPath:
          path: /etc/services
          type: File
      - name: guix-shm
        emptyDir:
          medium: Memory
          sizeLimit: 1Gi
      - hostPath:
          path: /home/oleg
          type: Directory
        name: home-oleg
      - emptyDir:
          medium: Memory
          sizeLimit: 4G
        name: guix-tmp
      - emptyDir:
          medium: Memory
          sizeLimit: 4G
        name: archlinux-tmp
      - emptyDir:
          medium: Memory
          sizeLimit: 512M
        name: guix-run
      - emptyDir:
          medium: Memory
          sizeLimit: 512M
        name: nixos-run
      - emptyDir:
        name: nixos-home
      - emptyDir:
          medium: Memory
          sizeLimit: 512M
        name: archlinux-run
      - name: var-run-shepherd-socket
        hostPath:
          path: /var/run/shepherd/socket
          type: Socket
      - emptyDir:
          sizeLimit: 4G
        name: container-home-oleg
      - name: home-oleg-dot-cache-ihs
        hostPath:
          path: /home/oleg/.cache/ihs
          type: Directory
      - name: home-oleg-dot-config-google-chrome
        hostPath:
          path: /home/oleg/.config/google-chrome
          type: Directory
      - name: home-oleg-dot-config-obs-studio
        hostPath:
          path: /home/oleg/.config/obs-studio-4k
          type: Directory
      - name: home-oleg-dot-config-remmina
        hostPath:
          path: /home/oleg/.config/remmina
          type: Directory
      - name: home-oleg-dot-config-sway
        hostPath:
          path: /home/oleg/.config/sway
          type: Directory
      - name: home-oleg-dot-local-share-remmina
        hostPath:
          path: /home/oleg/.local/share/remmina
          type: Directory
      - name: home-oleg-dot-local-share-telegram
        hostPath:
          path: /home/oleg/.local/share/TelegramDesktop
          type: Directory
      - name: home-oleg-dot-local-share-chatterino
        hostPath:
          path: /home/oleg/.local/share/chatterino
          type: Directory
      - name: home-oleg-dot-mozilla
        hostPath:
          path: /home/oleg/.mozilla
          type: Directory
      - name: home-oleg-dot-password-store
        hostPath:
          path: /home/oleg/.password-store
          type: Directory
      - name: home-oleg-dot-gnupg
        hostPath:
          path: /home/oleg/.gnupg
          type: Directory
      - name: home-oleg-robo3t
        hostPath:
          path: /home/oleg/.3T
          type: Directory
      - name: home-oleg-mozilla-firefox
        hostPath:
          path: /home/oleg/.mozilla/firefox
          type: Directory
      - name: home-oleg-ssh-private-key
        hostPath:
          path: /home/oleg/.ssh/id_ed25519
          type: File
      - name: home-oleg-ssh-public-key
        hostPath:
          path: /home/oleg/.ssh/id_ed25519.pub
          type: File
      - name: home-oleg-ssh-majordomo-gitlab-private-key
        hostPath:
          path: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass
          type: File
      - name: home-oleg-ssh-majordomo-gitlab-public-key
        hostPath:
          path: /home/oleg/.ssh/id_rsa_gitlab_intr_nopass.pub
          type: File
      - name: home-oleg-ssh-gitlab-com-private-key
        hostPath:
          path: /home/oleg/.ssh/id_rsa_gitlab
          type: File
      - name: home-oleg-ssh-gitlab-com-public-key
        hostPath:
          path: /home/oleg/.ssh/id_rsa_gitlab.pub
          type: File
      - name: home-oleg-ssh-known-hosts
        hostPath:
          path: /home/oleg/.ssh/known_hosts
          type: File
      - name: home-oleg-bash-history
        hostPath:
          path: /home/oleg/.bash_history
          type: File
      - name: root-bash-history
        hostPath:
          path: /root/.bash_history
          type: File
      - name: home-oleg-config-socialstream
        hostPath:
          path: /home/oleg/.config/SocialStream
          type: Directory
      - name: home-oleg-config-qbittorrent
        hostPath:
          path: /home/oleg/.config/qBittorrent
          type: Directory
      - name: home-oleg-dot-local-share-qbittorrent
        hostPath:
          path: /home/oleg/.local/share/qBittorrent
          type: Directory
      - name: home-oleg-src
        hostPath:
          path: /home/oleg/src
          type: Directory
      - name: taskexecutor
        hostPath:
          path: /home/oleg/src/gitlab.intr/hms/taskexecutor
          type: Directory
      - name: home-oleg-local-share-chezmoi
        hostPath:
          path: /home/oleg/.local/share/chezmoi
          type: Directory
      - name: srv
        hostPath:
          path: /srv
          type: Directory
      - name: qbittorrent-incomplete
        hostPath:
          path: /mnt/qbittorrent-incomplete
          type: Directory
      - name: home-oleg-config-wayvnc
        hostPath:
          path: /home/oleg/.config/wayvnc
          type: Directory
      - emptyDir:
          medium: Memory
          sizeLimit: 4G
        name: kali-rolling-tmp
      - emptyDir:
          medium: Memory
          sizeLimit: 512M
        name: kali-rolling-run
      - emptyDir:
          medium: Memory
          sizeLimit: 4G
        name: gentoo-tmp
      - emptyDir:
          medium: Memory
          sizeLimit: 512M
        name: gentoo-run
      - emptyDir:
          sizeLimit: 512M
        name: archlinux-var-log
      - emptyDir:
          sizeLimit: 512M
        name: gentoo-var-log
      - emptyDir:
          sizeLimit: 512M
        name: guix-var-log
      - emptyDir:
          sizeLimit: 512M
        name: guix-home-oleg-local-var-log
      - emptyDir:
          sizeLimit: 512M
        name: kali-rolling-var-log
      - emptyDir:
          sizeLimit: 512M
        name: nixos-var-log
      - emptyDir:
          sizeLimit: 16G
        name: nixos-var-lib-docker
      - name: mnt-web-btrfs-web99-home
        hostPath:
          path: /mnt/web-btrfs/web99-home
          type: DirectoryOrCreate
      - name: mnt-web-ext4
        hostPath:
          path: /mnt/web-ext4
          type: DirectoryOrCreate
      - name: docker-configuration
        hostPath:
          path: /home/oleg/.docker/config.json
          type: File
